PANDA Privacy, Security and Service Policy
Last updated 12.10.20
Responsibly handling customer data has been of utmost importance to PANDA since the inception of the company. We know our customers demand that PANDA meet or exceed similar security policies offered by their software-as-a-service vendors, and we take that commitment extremely seriously. Our policy reflects an effort and focus on this commitment throughout the personnel, technical and process aspects of our business.
This policy reflects the intent of our policy at Product Launch. Varying parts may still be in progress during the pre-launch (beta) period.
PANDA will provide PANDA Services in accordance with industry best practices for support and security to protect customer information hosted by PANDA.
Privacy, Confidentiality, and Personnel Practices
All customer data is considered confidential and is only accessed by PANDA employees as needed to operate and improve the PANDA Services.
Customer data includes data directly input by users as well as information integrated into PANDA Services via various integrations such as Google Workplace services or other Non-PANDA AI Platforms.
In addition to customer data, PANDA also collects, generates, and/or receives the following other information:
- Account Information. To create or update a PANDA workspace account, the customer supplies PANDA with an email address, phone number, password, domain, and/or similar account details. In addition, customers that purchase a paid version of the services provide PANDA (or its payment processors) with billing details such as credit card information and/or a billing address.
- Aggregated Statistics. PANDA may collect and compile data and information related to customer’s and the authorized users’ use of the Services in an aggregated and anonymized manner, including to compile statistical and performance information related to the provision and operation of the Services.
PANDA will use customer data only for the following purposes:
- To provide, update, and maintain our Services. This includes use of the other information described above to support the delivery of the Services under a customer agreement, train PANDA’s AI models, prevent or address service errors, security or technical issues, analyze and monitor usage, trends, and other activities, or at an authorized user’s request.
- To communicate with you by responding to your requests, comments, and questions. If you contact us, we may use your provided contact information to respond.
- To send emails and other communications. We may send you service, technical, and other administrative emails, messages, and other types of communications. We may also contact you to inform you about changes in our services, our services offerings, and important services-related notices, such as security and fraud notices. These communications are considered part of the Services, and you may not opt-out of them.
- For billing, account management, and other administrative matters, PANDA may need to contact you for invoicing, account management, and similar reasons, and we use account data to administer accounts and keep track of billing and payments.
- As required by applicable law, legal process, or regulation.
All PANDA employees with access to customer data and other information above have been successfully trained in information security and privacy and are retrained to reflect any policy changes, as needed, on an ongoing basis. PANDA conducts an employment eligibility verification and background check on each employee as a condition of employment.
Customer data is encrypted in transit and at rest using the latest recommended and appropriate encryption approaches.
All copies of customer data are destroyed within 30 days of the contract end date.
PANDA has controls in place to identify vulnerabilities, risks, and threats throughout the product lifecycle. We conduct security reviews for all designs and implementations to determine and manage risks to ensure PANDA meets security and regulatory best practices and standards.
PANDA uses only world-class hosting providers such as Amazon Web services whereby all operations take place in data centers compliant with numerous security protocols and certifications with reports (e.g. SOC 1, SOC 2, SOC 3, etc) available upon request. PANDA itself will be in the process of SOC 2 Type 1 at the time of go-live.
PANDA is committed to high availability to provide a reliable level of service. Our Services run on fault-tolerant infrastructure and are designed for high scale usage. PANDA, however, cannot be responsible for limitations or problems inherent to the internet, public networks, or 3rd parties services provided by the Customer.
PANDA securely maintains redundant copies of customer data to facilitate recovery in the event of a disaster incident and tests these procedures.
PANDA maintains a logging system including network, server, and security logs. These logs are analyzed in accordance with best practices and also provide for a security audit trail.
In the event of a breach, any unauthorized exposure of customer data will be reported in less than 24 hours and will include the nature of the incident, investigation details, and final disposition.
PANDA technical support includes email, chat, and phone support. Any corrections of defects in the PANDA product are done at no additional cost. Configuration and customization support may be provided to customers on an as-negotiated basis in the relevant customer agreement. PANDA is not responsible in any way for supporting 3rd party systems.
PANDA aims for an incredible customer experience and will provide a rapid response to support issues.
Technical Customer Requirements
PANDA requires customers to use sufficiently modern computing devices and reasonably high network bandwidth. For desktop usage, PANDA requires users to use the latest version of supported browsers which include Chrome, Firefox, IE, Safari, and Edge.